Enormous amounts of data are stored through web applications every day. Computer databases store digital data in an organized format that can be searched, retrieving a particular subset of data with specialized commands in a query language such as Structured Query Language (SQL). SQL allows data entry, manipulation, and deletion. SQL statements can be generated by a client application based on user input, or stored in database procedures to be run on a schedule or on request by a Database Administrator (DBA). The SQL is executed by a Database Management System (DBMS), a software system designed to allow administration of a database and to control access to it.
Within a database, some data tables may contain both sensitive user information, such as birthdates and credit card numbers, and non-sensitive information. Data protection is required to prevent unauthorized access to sensitive information. Most databases are protected by a single userid or “machine id” through which all users access the data. A second method of data protection uses a unique database userid and password for each individual user, along with table definitions that include a field to allow segregation of data by userid. This second approach requires maintenance by the DBA, who must create a new userid for each user and set access permissions by table for each new userid, which can be time-consuming on a busy database. While database files are typically encrypted as a whole, this does not prevent authorized users from seeing all the data in a table. Some table fields may be encrypted, but decrypting all rows when doing searches consumes time and resources, causing a slow-down of database performance.
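The difference between the shared “machine id” model and segregation by a userid field can be seen in a short sketch. This is an added example, not part of the original text; the `customer` table, its columns, and the sample rows are constructed, and because SQLite has no database accounts, the `userid` argument stands in for the authenticated database userid.

```python
import sqlite3

# Constructed sample rows: (owner_userid, name, birthdate, card_number)
SAMPLE_ROWS = [
    ("alice", "Customer A", "1980-01-02", "4111-0000-0000-0001"),
    ("alice", "Customer B", "1975-06-30", "4111-0000-0000-0002"),
    ("bob", "Customer C", "1990-11-15", "4111-0000-0000-0003"),
]


def build_db():
    """Create an in-memory table whose definition includes a userid field."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        """CREATE TABLE customer (
               id           INTEGER PRIMARY KEY,
               owner_userid TEXT NOT NULL,  -- field used to segregate rows
               name         TEXT NOT NULL,
               birthdate    TEXT NOT NULL,  -- sensitive
               card_number  TEXT NOT NULL   -- sensitive
           )"""
    )
    conn.executemany(
        "INSERT INTO customer (owner_userid, name, birthdate, card_number) "
        "VALUES (?, ?, ?, ?)",
        SAMPLE_ROWS,
    )
    return conn


def rows_via_machine_id(conn):
    """Shared machine id: any authorized caller receives every row."""
    return conn.execute(
        "SELECT name, birthdate, card_number FROM customer ORDER BY id"
    ).fetchall()


def rows_for_user(conn, userid):
    """Per-user segregation: only rows tagged with the caller's userid.

    The userid is bound as a parameter, never concatenated into the SQL,
    so a crafted value cannot widen the filter.
    """
    return conn.execute(
        "SELECT name, birthdate, card_number FROM customer "
        "WHERE owner_userid = ? ORDER BY id",
        (userid,),
    ).fetchall()


if __name__ == "__main__":
    db = build_db()
    print(len(rows_via_machine_id(db)), "rows visible through the machine id")
    print(len(rows_for_user(db, "alice")), "rows visible to alice")
```
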